If the Internal domain trusts the DMZ domain then you are slightly less secure. I assume the DMZ domain will not be accessible directly from the outside world? If so you should be OK. I would run the security configuration wizard on the DMZ domain controller to ensure it is locked down to the bare bones, also ensure it is running no unneeded services and is fully patched.

Rename all built-in user accounts on the DMZ domain and use complex passwords across the board.

Also, it goes without saying that you should limit the number of open ports between the outside world and the DMZ servers. If you want to be paranoid you could put the DMZ DC in a seperate DMZ to the sharepoint/ISA servers and lock down the ports between them. Finally ensure the minimum number of ports between your internal and external DC's.

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.

OK. So referring to my first post create the trust one way from the DMZ DC to the Internal DC that holds the PDC Emulator role. Ensure all devices in the DMZ are fully patched and run the Security Configuration Wizard against them all to close unnecessary ports and stop unneeded services. Also run correctly configured AV on the MOS and SQL servers.

Obviously limit the ports between the DMZ and Internal network to the required ports and hosts.

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory.
If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…

This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller.
Log onto the new domain controller with a user account t…

This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource.
Use Google, Bing, or other preferred search engine to locate trusted NTP …